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IN THE CLAIMS 

1. [currently amended] A method for handling dynamic state information used for 
handling data packets, which arrive at a network element node of a network element 
5 cluster, said network element cluster having at least two nodes and each node handling 
separate sets of data packets, said method comprising th e s t e p of : 

- maintaining (206) in a first node a first, node-specific data structure (557, 558, 559) 
comprising entries representing state information (520) needed for handling sets of data 
packets handled in said first node, charact e r i zed in that said method further compri se s 

10 the step of: 

- - maintaining {20S> in said first node in addition to said node-specific data structure a 
second, common data structure (55 4 , 555, 556) comprising at least entries representing 
state information (§20) needed for hand l ing s e ts of for data packets handled in at least 
one other node of said network element cluster, the contents of said common data 

15 structure effectively differing from the contents of said node-specific data structur e and 
including copies of all state information entries maintained in a node-specific data 
structure of said at least one other node and needed for handling sets of data packets in 
said at least one other node, said entries being maintained according to information on 
how different sets of data packets are distributed among the nodes of the network 

20 element cluster, 

- dynamically changing distribution of at least one set of data packets from said at least 
one other node to said first node the network element cluster, and providing said first 
node with respective changed distribution information, 

■ in response to said changed distribution information, selecting the state information 
25 entries of said at least one re-distributed set of data packets from said second common 
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data structure and transferring them to said first node-specific data structure of said first 
node. 



2. [currently amended] A method according to claim 1, character i zed i n that i t furth e r 
5 comprises the stops o f further comprising : 

- allocating (200) t o each node belonging to said network element cluster certain node- 
specific distribution identifiers, each node having separate node-specific distribution 
identifiers allocated to it, 

- handling at least a plurality of data packets so that a data packet is handled (20 4 ) in 
10 that node of said network element cluster, to which node a distribution identifier 

calculated (202) using certain field(s) of said data packet is allocated, and 

- maintaining (212) in a plurality of entries of said node-specific and common data 
structures distribution information (510) relating to the distribution identifier, which 
corresponds to the set of data packets related to the respective entry. 

15 3. [currently amended] A method according to claim 2, charact e r i zed in that i t further 
compr i s e s the steps o f further comprising : 

- reallocating (605, 606, 607) said distribution identifiers to the nodes of said network 
element cluster, 

- if said reallocation results in a new distribution identifier being allocated to a node, said 
20 new distribution identifier being a distribution identifier not allocated to said node at the 

time of the reallocation, identifying (612) in the common data structure of said node the 
entries corresponding to said new distribution identifier, and adding (613) said entries to 
the node-specific data structure of said node, and 
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- if said reallocation results in an old distribution identifier not being allocated to a node 
anymore, said old distribution identifier being a distribution identifier allocated to said 
node at the time of the reallocation, identifying (615) in the node-specific data structure 
of said node the entries corresponding to said old distribution identifier, and clearing 

5 (616) said entries from the node-specific data structure of said node. 

4. [currently amended] A method according to claim 2, characterized i n that i t furth e r 
compr i s e s th e st e ps o f further comprising : 

- adding ( 4 00) a new entry to said node-specific data structure in a first node, 

- communicating ( 4 02) said new entry at least to a second node of the network element 
10 cluster, and 

- adding ( 4 03) an entry corresponding to said new entry to the common data structure of 
said second node. 

5. [currently amended] A method according to claim 4. character i zed in that i t furth e r 
compr i s e s th e st e p o f further comprising : 

15 - adding ( 4 01) an entry corresponding to said new entry to the common data structure of 
said first node. 

6. [currently amended] A method according to claim 1 , charact e rized i n f urther 
comprising maintaining (210) in said common data structure of said node entries 
representing state information needed for handling sets of data packets handled in said 

20 node. 



7. [currently amended] A method according to claim 1 , character i z e d in that w herein 
said state information comprises the source address field (521a) and/or the destination 
address field (521b) of an Internet Protocol header, and/or port header fields (522 a , 
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522b) of a Transmission Control Protocol header and/or port header fields (522a, 522b) 
of a User Datagram Protocol header, and/or the identifier header field of an Internet 
Control Message Protocol header, and/or a Message Identifier field (52 4 ) o f an Internet 
Security Association and Key Management Protocol header, and/or an Initiator Cookie 
5 field (525) o f an Internet Security Association and Key Management Protocol header, 
and/or the Security Parameter Index field (523) of a security header relating to the IPSec 
protocol suite, and/or a Session ID field (526) relating to the Secure Sockets Layer 
protocol, and/or an HTTP Cookie field (527) relating to the HyperText Transfer Protocol. 

8. [currently amended] A method according to claim 1, charactorized i n that w herein 
10 said state information comprises information (§28>-identifying an authenticated entity. 

9. [currently amended] A method according to claim 1 , charact e r i z e d in that w herein 
said state information comprises information (523) identifying a secured tunnel, within 
which data packets of the corresponding set are tunneled. 

10. [currently amended] A method according to claim 2, charact e r i zed in that w herein 
IS said distribution identifier is a hash value (512) and a hash function is used for 

calculating a hash value using certain field(s) of a data packet. 

11. [currently amended] A method according to claim 2, charact e r i z e d i n that w herein 
said distribution information is said distribution identifie r (511) . 

12. [currently amended] A method according to claim 2, charact e r i zed i n that w herein 
20 said distribution information is information needed for calculating said distribution 

identifier for the corresponding data packet. 
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13. [currently amended] A method according to claim 2, character i z e d i n that w herein 
said certain field(s) for calculating a distribution identifier comprise the source address 
field (521a) and/or the destination address field (522b) of an Internet Protocol header, 
and/or port header fields (522a. 522b) of a Transmission Control Protocol header and/or 

5 port header fields (522a, 522b) of a User Datagram Protocol header, and/or the identifier 
header field of an Internet Control Message Protocol header, and/or a Message Identifier 
field (52 4 ) of an Internet Security Association and Key Management Protocol header, 
and/or an Initiator Cookie field (525) of an Internet Security Association and Key 
Management Protocol header, and/or the Security Parameter Index field (523) of a 
10 security header relating to the IPSec protocol suite, and/or a Session ID field (526) 
relating to the Secure Sockets Layer protocol, and/or an HTTP Cookie field (527) relating 
to the HyperText Transfer Protocol. 

14. [currently amended] A network element node (700) of a network element cluster 
having at least two nodes, said node (700)-comprising 

15 - first data storage means (70 4 ) . afwJ 

- means (702) for maintaining in said first data storage means (704) a first, node-specific 
data structure (551, 552, 553) comprising entries representing state information (520) 
needed for handling sets of data packets handled in said node, character i z e d i n that sa i d 
nod e furth e r compr i ses: 

20 - second data s torage m e ans (708) . and 

- means (706) for maintaining in said second data s torag e means (708) a second, 
common data structure (55 4 , 565, 556) comprising at least entries representing state 
information n ee d e d for handl i ng sets of for d ata packets handled in one other node of 
said network element cluster, the contents of said common data structure effectively 

25 differing from the contents of said node-specific data structure and including copies of all 
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state information entries maintained in a node-specific data structure of said at least one 
other node and needed for handling sets of data packets in said at least one other node, 
and said entries being maintained according to information on how different sets of data 
packets are distributed among the nodes of the network element cluster. 
5 - means fef-receiving changed distribution information dynamically changing distribution 
of at least one set of data packets from said at least one other node to said node in the 
network element cluster and 

- means that, based on said changed distribution information selects the state 
information entries of said at least one re-distributed set of data packets from said 

10 second common data structure in said second data storage and transfers them to said 
first node-specific data structure in said first data storage of said node . 

15. [currently amended] A network element node f?OQ)-according to claim 14, charac 

- said means (702) for maintaining the node-specific data structure are adapted to add a 
15 new entry to said node-specific data structure in said first storage means (70 4 ) , and to 

communicate said new entry to said means (706) f or maintaining common data 
structure, 

- said means (706) f or maintaining the common data structure are adapted to 
communicate said new entry at least to one other node of the network element cluster, 

20 and in that 

- said means (706) for maintaining the common data structure are further adapted to 
receive an entry from at least one other node of the network element cluster and to add 
an entry corresponding to said received entry to said common data structure in said 
second storage mean s (708) . 
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16. [currently amended] A network element node (70O)-according to claim 15, charac 

- said means (706) for maintaining the common data structure are further adapted to add 
a new entry received from said means (702) f or maintaining the node-specific data 

5 structure to said common data structure in said second storage means (708) . 

17. [currently amended] A network element node (700)'according to claim 14. charac 
tor i z e d in that it further compr i s e s further comprising : 

- means (710) for receiving distribution identifiers, which are currently allocated to said 
node, said distribution identifiers being used for handling at least a plurality of data 

10 packets so that a data packet is handled in that node of said network element cluster, to 
which node a distribution identifier calculated using certain field(s) of said data packet is 
allocated, and 

- third data storage moano (712) for storing said distribution identifiers, and i n that 

- said means (702, 706) for maintaining the node-specific and common data structures 
15 are adapted to maintain in a plurality of entries of said node-specific and common data 

structures in said first and second data storage moans (70 4 , 708) distribution information 
relating to the distribution identifier, which corresponds to the set of data packets related 
to the respective entry. 

18. [currently amended] A network element node according to claim 17, charact e r i z e d 
20 ifhtha twherein : 

- said means ( 710) for receiving distribution identifiers are adapted to receive reallocated 
distribution identifiers, an4 

- said means (706) for maintaining the common data structure are adapted to detect a 
new distribution identifier being allocated to said node due to the reallocation, said new 
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distribution identifier being a distribution identifier not allocated to said node at the time of 
receiving reallocated distribution identifiers, and to identify in the common data structure 
the entries corresponding to said new distribution identifier, and to communicate said 
entries to said means (702) f or maintaining the node-specific data structure for said 
5 entries to be added to the node-specific data structure, and 

- said means (702) for maintaining the node-specific data structure are adapted to detect 
an old distribution identifier not being anymore allocated to said node due to the 
reallocation, said old distribution identifier being a distribution identifier allocated to said 
node at the time of the reallocation, and to identify in the node-specific data structure the 
10 entries corresponding to said old distribution identifier, and to clear said entries from the 
node-specific data structure. 

19. [currently amended] A network element node f?00)-according to claim 14, charac 
torized in that w herein said first data storage m e ans (70 4 ) is a portion of kernel space 
memory. 

15 20. [currently amended] A network element node f70O)-according to claim 14, charac 
t e riz e d i n that w herein s aid second data s torage means (708) is a portion of user space 
memory. 

21. [currently amended] A network element node f?O0)-according to claim 14, charac 
t o r i zod i n that w herein said first data storage means (70 4 ) is a portion of content 

20 addressable memory. 

22. [currently amended] A network element node f7©0)-according to claim 14, charac 
tor i zed in that w herein said first storage means (70 4 ) is a p art of a cryptographic card. 
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23. [currently amended] A network element cluster {SOO)-having at least two network 
element node s (700) , at least one of said nodes {7ee)-comprising 

- first data storage means (70 4 ) , an4 

- means (702) f or maintaining in said first storage means (70 4 ) a first, node-specific data 
5 structure (551, 552, 553) comprising entries representing state information needed for 

handling sets of data packets handled in said node, character i z e d in that said at l east 
ono node further compris e s: 

- second data storage means (708) , and 

- means (706) for maintaining in said second storage means (708) a second, common 
10 data structure (55 4 , 555, 556) comprising at least entries representing state information 

needed for handling sets of data packets handled in one other node of said network 
element cluster, the contents of said common data structure effectively differing from the 
contents of said node-specific data structur er and including copies of all state information 
entries maintained in a node-specific data structure of said one other node and needed 
15 for handling sets of data packets in said one other node, said entries being maintained 
according to information on how different sets of data packets are distributed among the 
nodes of the network element cluster, 

- means for receiving changed distribution information dynamically changing distribution 
of at least one set of data packets from said one other node to said at least one node in 

20 the network element cluster and 

- means that based on said changed distribution information selects the state information 
entries of said at least one re-distributed set of data packets from said second common 
data structure in said second data storage and transferring them to said first node- 
specific data structure in said first data storage means of said at least one node . 
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24. [currently amended] A network element cluster {S0O}-according to claim 23, cha 
ractoriz e d i n that it furth e r compris e s f urther comprising : 

- means (802) for allocating to each node belonging to said network element cluster 
certain node-specific distribution identifiers, each node having separate node-specific 

5 distribution identifiers allocated to it, said distribution identifiers being used for handling 
at least a plurality of data packets so that a data packet is handled in that node of said 
network element cluster, to which node a distribution identifier calculated using certain 
field(s) of said data packet is allocated, and in that said at least one node further 
comprises: 

10 - means (710) for receiving distribution identifiers, which are currently allocated to said 
node, and 

- third data storage m e ans (712) for storing said distribution identifiers, and i n that 

- said means (702, 706) for maintaining the node-specific and common data structures 
are adapted to maintain in a plurality of entries of said node-specific and common data 

15 structures in said first and second data storage means (70 4 , 708) distribution information 
relating to the distribution identifier, which corresponds to the set of data packets related 
to the respective entry. 

25. [currently amended] A network element cluster 0 according to claim 24 , charac 

20 - said means (802) for allocating distribution identifiers are adapted to reallocate 
distribution idenfiers to the nodes of said network element cluster, and i n that i n w herein 
irtsaid at least one node 

- said means (710) for receiving distribution identifiers are adapted to receive reallocated 
distribution identifiers, and 
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' said means (706) for maintaining the common data structure are adapted to detect a 
new distribution identifier being allocated to said node due to the reallocation, said new 
distribution identifier being a distribution identifier not allocated to said node at the time of 
receiving reallocated distribution identifiers, and to identify in the common data structure 
5 the entries corresponding to said new distribution identifier, and to communicate said 
entries to said means (702) for maintaining the node-specific data structure for said 
entries to be added to the node-specific data structure, and 

- said means (702) for maintaining the node-specific data structure are adapted to detect 
an old distribution identifier not being anymore allocated to said node due to the 
10 reallocation, said old distribution identifier being a distribution identifier allocated to said 
node at the time of the reallocation, and to identify in the node-specific data structure the 
entries corresponding to said old distribution identifier, and to clear said entries from the 
node-specific data structure. 

26. [original] A computer program comprising program code for performing all the steps 
15 of Claim 1 when said program is run on a computer 

27. [original] A computer program product comprising program code means stored on a 
computer readable medium for performing the method of Claim 1 when said program 
product is run on a computer. 



